Behavioral task: behavioral1
Sample: 216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.exe
Resource: win7v20210408, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.exe
Resource: win10-en-20210920, windows10_x64
0 signatures
0 seconds
General
Target: 216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.zip
Size: 36KB
MD5: 284327b4940230cc1101d484d7a477e0
SHA1: 442c2fd820adf1980929da5572117c1211b3ec7f
SHA256: 2e0037526dc99997dd3e17d63d7c5e408511f9e571f2281588564d6857ac8e36
SHA512: f0198cc245844069d9fe4264ef02f7728c4995b7aaa07d3b6b46d25b06ecc94c3ed84d9aecf8c66b42f96c6533ed078b62ccbd8182cd1cdc917a790f9c009531
Malware Config
Extracted
Family: njrat
Version: 0.7.3
Botnet: Zombie
C2: 0.tcp.eu.ngrok.io:14618
Mutex: svchost.exe
Attributes
reg_key: svchost.exe
splitter: 123
Signatures
Njrat family
Files
216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.zip.zip
Password: infected
216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.exe windows x86